Abstract
Normally, it has been believed that the initial values of cryptographic schemes do not need to be managed secretly unlike the secret keys. However, we show that multiple modes of operation of block ciphers can suffer a loss of security by the state of the initial values. We consider several attacks according to the environment of the initial values; known-IV attack, known-in-advance-IV attack, and replayed-and-known-IV attack. Our attacks on cascaded three-key triple modes of operation requires 3-7 blocks of plaintexts (or ciphertexts) and 3 • 256-9 • 256 encryptions. We also give the attacks on multiple modes proposed by Biham.
Original language | English |
---|---|
Pages (from-to) | 441-462 |
Number of pages | 22 |
Journal | Journal of Cryptology |
Volume | 19 |
Issue number | 4 |
DOIs | |
State | Published - Oct 2006 |
Keywords
- Block ciphers
- Cryptanalysis
- Known-IV attacks
- Knownin- advance-IV attacks
- Multiple modes of operation
- Replayed-and-known-IV attacks